249 matches found
CVE-2026-44744
SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...
CVE-2026-44744
SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...
CVE-2026-44754
The CVE-2026-44754 issue affects SAP’s Operational Data Provisioning (ODP) RFC APIs, where RFC modules fail to perform caller identification for allowed SAP-internal applications. This allows customer/third-party applications to use ODP-RFC functionality in ways not aligned with its intended usag...
CVE-2026-44754
The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...
EUVD-2026-35286
The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...
CVE-2026-44744
SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...
CVE-2026-44744 SQL Injection vulnerability in SAP S/4HANA
SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...
EUVD-2026-35281
SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...
EUVD-2026-35278
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...
CVE-2026-27671
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...
CVE-2026-27671
Technical details about CVE-2026-27671 are not publicly available in the provided documents. Monitor for updates from SAP/security advisories.
PT-2026-47532
SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...
CVE-2026-40134
Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...
The vulnerability of the CREATE TYPE command in the PostgreSQL database management system allows a hacker to execute arbitrary SQL functions.
The vulnerability of the CREATE TYPE command in the PostgreSQL database management system is related to the lack of authorization. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL functions remotely...
EUVD-2026-29363
Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...
CVE-2026-40134
Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...
CVE-2026-34259
Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modif...
CVE-2026-40134 Missing Authorization Check in SAP Incentive and Commission Management
Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...
CVE-2026-34259 OS Command Injection Vulnerability in SAP Forecasting & Replenishment
Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modif...
CVE-2026-34259
SAP Forecasting & Replenishment contains an OS Command Execution vulnerability. An authenticated user with administrative privileges can abuse a non-remote-enabled function to execute arbitrary operating system commands, potentially reading/modifying any system data or shutting down the system, c...